diff --git a/templates/scc.yaml b/templates/scc.yaml
new file mode 100644
index 0000000..9855704
--- /dev/null
+++ b/templates/scc.yaml
@@ -0,0 +1,24 @@
+kind: SecurityContextConstraints
+apiVersion: security.openshift.io/v1
+metadata:
+ name: vault-restricted
+allowPrivilegedContainer: false
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+runAsUser:
+ type: MustRunAs
+ uid: 100
+seLinuxContext:
+ type: MustRunAs
+fsGroup:
+ type: MustRunAs
+supplementalGroups:
+ type: RunAsAny
+defaultAddCapabilities: []
+requiredDropCapabilities:
+- ALL
+users: []
+groups: []
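Review bot: The new SCC never sets `allowPrivilegeEscalation`, which the OpenShift API treats as true when unspecified, so a pod admitted under `vault-restricted` can still request privilege escalation despite the other `allow*: false` lines. Adding `allowPrivilegeEscalation: false` and `defaultAllowPrivilegeEscalation: false` next to them would close that gap. `supplementalGroups` is `type: RunAsAny`, which lets a pod ask for any supplemental GID, including 0; `type: MustRunAs`, as already used for `fsGroup`, would be tighter if the workload tolerates it. The `volumes` list is also absent, so the admitted volume types appear to depend on API defaulting; an explicit allow-list would make that auditable from the template.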